MGASA-2020-0014
- Source
- https://advisories.mageia.org/MGASA-2020-0014.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0014.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2020-0014
- Related
- Published
- 2020-01-05T15:37:51Z
- Modified
- 2020-01-05T15:11:51Z
- Summary
- Updated jhead packages fix security vulnerabilities
- Details
-
Updated jhead package fixes security vulnerabilities:
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file (CVE-2019-19035).
A vulnerability was found in jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file (CVE-2019-1010301).
A vulnerability was found in jhead 3.03 is affected by: Incorrect Access Control. The impact is: Denial of service. The component is: iptc.c Line 122 show_IPTC(). The attack vector is: the victim must open a specially crafted JPEG file (CVE-2019-1010302).
- References
-
- https://advisories.mageia.org/MGASA-2020-0014.html
- https://bugs.mageia.org/show_bug.cgi?id=25938
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3WVQTORTGQE56XXC6OVHQCSCUGABRMQZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GPNV43VBUCMUBRBKPJBY4DDSYLHQ2GFR/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / jhead
Package
- Name
- jhead
- Purl
- pkg:rpm/mageia/jhead?distro=mageia-7